Details
FileName
Malware Family HawkEye
Date Added 2016-01-30 03:00:03
MD5 7662129b89984a10d05ad92a96b6b8e4
Sha256 4a5a46077354ee9d1825e26bd6a91642c235d4e8618193fb60736e132aa79513
C2 Data
Config String 27 Disablescreeny
Crypted String 6 smtp.gmail.com
Config String 18 dontclearff
Crypted String 5 YourPassword
Config String 37 Disablesteam
Config String 19 bindfiles
Config String 15 yesftp
Config String 2 WinForms_RecursiveFormCreate
Crypted String 12 99991203
Crypted String 39
Config String 17 dontclearie
Config String 30 logger
Config String 33 reg
Config String 31 stealers
Config String 21 websitevisitor
Config String 1 Property can only be set to Nothing
Config String 24 DisableSSL
Config String 22 websiteblocker
Crypted String 10 ftp.hostedftp.com
Config String 23 Disablenotify
Config String 36 spreaders
Config String 29 TaskManager
Config String 28 clip
Config String 8 600000
Config String 16 nophp
Config String 26 startup
Crypted String 0
Config String 3 WinForms_SeeInnerException
Config String 14 noemail
Crypted String 11 itsjustfake123@gmail.com
Config String 25 Disablefakerror
Config String 20 downloadfiles
Config String 32 melt
Config String 38 \Windows Update.exe
Crypted String 4 youremail@gmail.com
Crypted String 9
Config String 7 0
Crypted String 13 http://www.site.com/logs.php
Config String 34 cmd
Config String 35 msconfig
Virustotal

39 out of 54 AV Engines identified the sample as Malicious.

Virustotal Report

C2 Information
Domain FQDN IP Country Code
com/logs.php http://www.site.com/logs.php 0